From 4605e884c90a1aea85e4e524b617ec7d094809a1 Mon Sep 17 00:00:00 2001
From: Daniel Kolesa <daniel@octaforge.org>
Date: Sun, 22 Jan 2023 03:00:46 +0100
Subject: [PATCH] avoid use of atoi in library code

If this overflows, it will trap.
---
 src/libical/icalcomponent.c | 6 +++---
 src/libical/icalrecur.c     | 4 ++--
 src/libical/icalvalue.c     | 6 +++---
 src/libicalvcal/icalvcal.c  | 4 ++--
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/libical/icalcomponent.c b/src/libical/icalcomponent.c
index c89f4cf..f06e88d 100644
--- a/src/libical/icalcomponent.c
+++ b/src/libical/icalcomponent.c
@@ -2006,7 +2006,7 @@ static void icalcomponent_handle_conflicting_vtimezones(icalcomponent *comp,
                                                         const char *tzid,
                                                         icalarray *tzids_to_rename)
 {
-    int suffix, max_suffix = 0;
+    long suffix, max_suffix = 0;
     size_t i, num_elements, tzid_len;
     char *tzid_copy, *new_tzid, suffix_buf[32];
 
@@ -2062,7 +2062,7 @@ static void icalcomponent_handle_conflicting_vtimezones(icalcomponent *comp,
 
                 /* Convert the suffix to an integer and remember the maximum numeric
                    suffix found. */
-                suffix = atoi(existing_tzid + existing_tzid_len);
+                suffix = strtol(existing_tzid + existing_tzid_len, NULL, 10);
                 if (max_suffix < suffix)
                     max_suffix = suffix;
             }
@@ -2077,7 +2077,7 @@ static void icalcomponent_handle_conflicting_vtimezones(icalcomponent *comp,
         return;
     }
 
-    snprintf(suffix_buf, sizeof(suffix_buf), "%i", max_suffix + 1);
+    snprintf(suffix_buf, sizeof(suffix_buf), "%ld", max_suffix + 1);
     new_tzid = malloc(tzid_len + strlen(suffix_buf) + 1);
     if (!new_tzid) {
         icalerror_set_errno(ICAL_NEWFAILED_ERROR);
diff --git a/src/libical/icalrecur.c b/src/libical/icalrecur.c
index 522fe28..bfb81cb 100644
--- a/src/libical/icalrecur.c
+++ b/src/libical/icalrecur.c
@@ -622,7 +622,7 @@ struct icalrecurrencetype icalrecurrencetype_from_string(const char *str)
                 /* Don't allow multiple COUNTs, or both COUNT and UNTIL */
                 r = -1;
             } else {
-                parser.rt.count = atoi(value);
+                parser.rt.count = (int)strtol(value, NULL, 10);
                 /* don't allow count to be less than 1 */
                 if (parser.rt.count < 1) r = -1;
             }
@@ -639,7 +639,7 @@ struct icalrecurrencetype icalrecurrencetype_from_string(const char *str)
                 /* Don't allow multiple INTERVALs */
                 r = -1;
             } else {
-                parser.rt.interval = (short)atoi(value);
+                parser.rt.interval = (short)strtol(value, NULL, 10);
                 /* don't allow an interval to be less than 1
                    (RFC specifies an interval must be a positive integer) */
                 if (parser.rt.interval < 1) r = -1;
diff --git a/src/libical/icalvalue.c b/src/libical/icalvalue.c
index c18fad0..d046c6a 100644
--- a/src/libical/icalvalue.c
+++ b/src/libical/icalvalue.c
@@ -424,7 +424,7 @@ static int simple_str_to_double(const char *from, double *result, char **to)
     if (to) {
         *to = end;
     }
-    *result = atof(tmp_buf);
+    *result = (float)strtod(tmp_buf, NULL);
     return 0;
 }
 
@@ -532,11 +532,11 @@ static icalvalue *icalvalue_new_from_string_with_error(icalvalue_kind kind,
         break;
 
     case ICAL_INTEGER_VALUE:
-        value = icalvalue_new_integer(atoi(str));
+        value = icalvalue_new_integer((int)strtol(str, NULL, 10));
         break;
 
     case ICAL_FLOAT_VALUE:
-        value = icalvalue_new_float((float)atof(str));
+        value = icalvalue_new_float((float)strtod(str, NULL));
         break;
 
     case ICAL_UTCOFFSET_VALUE:
diff --git a/src/libicalvcal/icalvcal.c b/src/libicalvcal/icalvcal.c
index a438960..1cc06ba 100644
--- a/src/libicalvcal/icalvcal.c
+++ b/src/libicalvcal/icalvcal.c
@@ -331,7 +331,7 @@ static int get_alarm_properties(icalcomponent *comp, VObject *object,
         } else if (!strcmp(name, VCRepeatCountProp)) {
             /* If it starts with a digit convert it into a REPEAT property. */
             if (*s && *s >= '0' && *s <= '9') {
-                repeat_prop = icalproperty_new_repeat(atoi(s));
+                repeat_prop = icalproperty_new_repeat((int)strtol(s, NULL, 10));
                 icalcomponent_add_property(comp, repeat_prop);
             }
 
@@ -621,7 +621,7 @@ static void *sequence_prop(int icaltype, VObject *object, icalcomponent *comp,
 
     /* GnomeCalendar outputs '-1' for this. I have no idea why.
        So we just check it is a valid +ve integer, and output 0 if it isn't. */
-    sequence = atoi(s);
+    sequence = (int)strtol(s, NULL, 10);
     if (sequence < 0)
         sequence = 0;
 
-- 
2.39.0

